Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

Covenant

APT28 uses BEARDSHELL and COVENANT to surveil Ukrainian military

Cybercrime, News, Research

March 11, 2026

ESET documented APT28 use of BEARDSHELL and COVENANT to surveil Ukrainian military since April 2024. The implants use cloud storage for command and control and show links to earlier APT28 tooling.
APT28 exploits Microsoft Office bug to deploy email stealer and Covenant implant

Cybercrime, News, Research, Vulnerabilities

February 3, 2026

Russia-linked APT28 exploited a Microsoft Office bypass tracked as CVE-2026-21509 to deliver an Outlook email stealer and a Covenant Grunt implant in Ukraine, Slovakia and Romania, researchers say.

About
Editorial Policy
Privacy
Contact